Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| CuteNews Discloses Web Server Information to Remote Users |
|---|
Categorie: Vulnerability
Posted: 2003-12-02 by ReCall
Views: 469
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: Arnaud Jacques of securiteinfo.com reported an information disclosure vulnerability in CuteNews. A remote user can determine information about the target web server.
It is reported that a remote user can request a URL for the 'index.php' script in debug mode to cause CuteNews to display the typical 'phpinfo' page.
A demonstration exploit URL is provided:
http://[target]/cutenews/index.php?debug
The vendor has reportedly been notified.
Impact: A remote user can determine information about the web server and PHP environment.
Solution: No solution was available at the time of this entry.
The author of the report suggests that, as a workaround, you can delete the following line from your index.php file:
if($HTTP_SERVER_VARS['QUERY_STRING'] == "debug"){ debug(); }
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=576
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
